-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/fs_dev.c | 29 | ||||
-rw-r--r-- | todo | 3 |
3 files changed, 31 insertions, 2 deletions
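--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -38,6 +38,7 @@
 #define BIN_DIR "/run/firejail/mnt/bin"
 #define DRI_DIR "/run/firejail/mnt/dri"
 #define PULSE_DIR "/run/firejail/mnt/pulse"
+#define DEVLOG_FILE "/run/firejail/mnt/devlog"
 #define WHITELIST_HOME_DIR "/run/firejail/mnt/whome"
 #define XAUTHORITY_FILE "/run/firejail/mnt/.Xauthority"
 #define HOSTNAME_FILE "/run/firejail/mnt/hostname"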
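--- a/src/firejail/fs_dev.c
+++ b/src/firejail/fs_dev.c
@@ -74,7 +74,6 @@ void fs_private_dev(void){
 
 	// create DRI_DIR
 	fs_build_mnt_dir();
-
 	if (have_dri) {
 		/* coverity[toctou] */
 		rv = mkdir(DRI_DIR, 0755);
@@ -90,10 +89,36 @@ void fs_private_dev(void){
 			errExit("mounting /dev/dri");
 	}
 
+	// restore /dev/log
+	int have_devlog = 0;
+	if (stat("/dev/log", &s) == 0) {
+		have_devlog = 1;
+		FILE *fp = fopen(DEVLOG_FILE, "w");
+		if (!fp)
+			have_devlog = 0;
+		else {
+			fprintf(fp, "\n");
+			fclose(fp);
+			if (mount("/dev/log", DEVLOG_FILE, NULL, MS_BIND|MS_REC, NULL) < 0)
+				errExit("mounting /dev/log");
+		}
+	}
+
 	// mount tmpfs on top of /dev
 	if (mount("tmpfs", "/dev", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=777,gid=0") < 0)
 		errExit("mounting /dev");
 
+	// bring back /dev/log
+	if (have_devlog) {
+		FILE *fp = fopen("/dev/log", "w");
+		if (fp) {
+			fprintf(fp, "\n");
+			fclose(fp);
+			if (mount(DEVLOG_FILE, "/dev/log", NULL, MS_BIND|MS_REC, NULL) < 0)
+				errExit("mounting /dev/log");
+		}
+	}
+
 	// bring back the /dev/dri directory
 	if (have_dri) {
 		/* coverity[toctou] */
@@ -105,7 +130,7 @@ void fs_private_dev(void){
 		if (chmod("/dev/dri",0755) < 0)
 			errExit("chmod");
 		if (mount(DRI_DIR, "/dev/dri", NULL, MS_BIND|MS_REC, NULL) < 0)
-			errExit("mounting /dev");
+			errExit("mounting /dev/dri");
 	}
 
 	// create /dev/shm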
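Review bot: The guard `stat("/dev/log", &s) == 0` at new line 94 accepts whatever the host happens to have at that path, so a regular file, a directory or a symlink to one gets bind-mounted into the sandbox's private /dev just as the syslog socket would, and a directory would presumably make the file-onto-file bind fail and abort the sandbox through errExit. Since the purpose is to carry the syslog socket across, tightening the check to `if (stat("/dev/log", &s) == 0 && S_ISSOCK(s.st_mode)) {` keeps a non-socket /dev/log out of the sandbox and leaves it without /dev/log rather than aborting. The `struct stat s` reused here is declared outside the hunk, so its earlier use by the /dev/dri checks should be confirmed not to matter. The `fprintf(fp, "\n")` into both placeholder files is unnecessary — an empty file is a sufficient bind-mount target — and the `fclose` results are ignored; fs_private_dev begins and ends outside the hunks.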
@@ -77,4 +77,7 @@ socat ABSTRACT-LISTEN:/tmp/dbus-awBoQTCc,fork UNIX-CONNECT:/tmp/mysock | |||
77 | ./configure --enable-fatal-warnings --disable-chroot --prefix=/usr | 77 | ./configure --enable-fatal-warnings --disable-chroot --prefix=/usr |
78 | ./configure --enable-fatal-warnings --disable-bind --prefix=/usr | 78 | ./configure --enable-fatal-warnings --disable-bind --prefix=/usr |
79 | 79 | ||
80 | 12. help and man for all protocol commands | ||
81 | |||
82 | 13. add /dev/log to private dev in help and man | ||
80 | 83 | ||